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QUESTION 1 

Your network contains an Active Directory domain named adatum.com. The domain contains two 
domain controllers that run Windows Server 2012 R2. The domain controllers are configured as 
shown in the following table. 



You log on to DC1 by using a user account that is a member of the Domain Admins group, and 
then you create a new user account named Userl . You need to prepopulate the password for 
Userl on DC2. What should you do first? 

A. Connect to DC2 from Active Directory Users and Computers. 

B. Add DC2 to the Allowed RODC Password Replication Policy group. 

C. Add the Userl account to the Allowed RODC Password Replication Policy group. 

D. Run Active Directory Users and Computers as a member of the Enterprise Admins group. 

Answer: C 
Explanation: 

http://technet.microsoft.com/en-us/library/cc730883(v=ws.10).aspx 
http://technet.microsoft.com/en-us/library/cc753470(v=ws.10).aspx#BKMK_pre 

* To prepopulate the password cache for an RODC by using Active Directory Users and Computers 



1. CM Start, diet Administrative Tool*. And then click Active Directory Uteri uvi Comfurterc 

2, Ensure that Active Directory Uiers anfl Comfmters. points to the vwrUbie domain controller that is running Windows Server 200$, *nd then cue* 

Domain Controller* 

i. tnlltr delalls pane, nght-tiicfc the ftOOC computer account, and then click Properties. 
*. Cl«k the Password Replication Policy :>b. 
1. ClKk Adirarwrd 

6. Click Piepcumlate Pa»word*. 

7. Tipe the name ol the account's whose passwords you want to prepopulate in the cache for the RO0C arm then click OK- 

8. When you ale asked if you want to Send the passwords for the accounts to the RODC, click Ve*. 



QUESTION 2 

Your company has offices in Montreal, New York, and Amsterdam. The network contains an Active 
Directory forest named contoso.com. An Active Directory site exists for each office. All of the sites 
connect to each other by using the DEFAULTIPSITELINK site link. You need to ensure that only 
between 20:00 and 08:00, the domain controllers in the Montreal office replicate the Active 
Directory changes to the domain controllers in the Amsterdam office. The solution must ensure that 
the domain controllers in the Montreal and the New York offices can replicate the Active Directory 
changes any time of day. What should you do? 

A. Create a new site link that contains Montreal and Amsterdam. 
Remove Amsterdam from DEFAULTIPSITELINK. 

Modify the schedule of DEFAULTIPSITELINK. 

B. Create a new site link that contains Montreal and Amsterdam. 
Create a new site link bridge. 

Modify the schedule of DEFAU LTIPSITELINK. 

C. Create a new site link that contains Montreal and Amsterdam. 
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Domain controller name 



Configuration 



DC1 



Domain controller 



DC2 



Read-only domain controller (RODC) 
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Remove Amsterdam from DEFAULTIPSITELINK. 
Modify the schedule of the new site link. 
D. Create a new site link that contains Montreal and Amsterdam. 
Create a new site link bridge. 
Modify the schedule of the new site link. 

Answer: C 
Explanation: 

Very Smartly reworded with same 3 offices. In the exam correct answer is "Create a new site link 
that contains Newyork to Montreal. 

Remove Montreal from DEFAULTIPSITELINK. Modify the schedule of the new site link". 
http://technet.microsoft.com/en-us/library/cc755994(v=ws.10).aspx 

QUESTION 3 

Your network contains two Active Directory forests named contoso.com and adatum.com. A two- 
way forest trust exists between the forests. The contoso.com forest contains an enterprise 
certification authority (CA) named Server"!. You implement cross-forest certificate enrollment 
between the contoso.com forest and the adatum.com forest. On Server"!, you create a new 
certificate template named Template"! . You need to ensure that users in the adatum.com forest can 
request certificates that are based on Template"!. Which tool should you use? 



A. DumpADO.psI 

B. Repadmin 

C. Add-CATem plate 

D. Certutil 

E. PKISync.ps"! 



Answer: E 
Explanation: 

B. Repadmin.exe helps administrators diagnose Active Directory replication problems between 
domain controllers running Microsoft Windows operating systems. 

C. Adds a certificate template to the CA. 

D. Use Certutil.exe to dump and display certification authority (CA) configuration information, 
configure Certificate Services, backup and restore CA components, and verify certificates, key pairs, 
and certificate chains. 

E. PKISync.ps"! copies objects in the source forest to the target forest 
http://technet.microsoft.com/en-us/library/ff955845(v=ws.10).aspx#BKMK_Consolidating 
http://technet.microsoft.com/en-us/library/cc770963(v=ws.10).aspx 
http://technet.microsoft.com/en-us/library/hh848372.aspx 
http://technet.microsoft.com/library/cc732443.aspx 
http://technet.microsoft.com/en-us/library/ff961 506(v=ws. 1 0).aspx 
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4 Cc*wcHda3r^ csr'.rScj'jtttmciijffrsfcrr' mtjtole %rwts 

B«ttUS* -0 CS dep|rjym*rriJ Can irary greatly, fls* W*{t slept y<JU mutt ta*» » CWWWK! Iflor ««fW»g certificate lemptales cannot M described * tlMS go*}*. 
The goal is to reduce the number of CAs and certificate templates in * muMorett erhironrnerrt b» creating a set of cerafictfe template 5 ifiiifd by resource forest 

Bawd on the number of tatesH arid certificate templates in your ermroranenl ihe timeframe you have to complete «D CS c<mo4dation. and the requrements ol 
jW org3flir*licn. you can, me 9 combination of procedure* detcnted in tUs section lo define 1N set ol cert*i«tetempi»i« issued by your resource forest CM 

For each certificate template you plan to issue from the resource forest consider which ol the follow™) method: best meets the gaits and requirements of your 
OrgarUUbon and comfrfete tti* procedures described in But section. 

• Copying a«ourt forest certificate templates into the resource forest 

• Consokdahrvg cerbf>c*fe templates with senior purposes from multiple account forests 

• CoMoWauisg version 2 and eernan J default certificate templates 

• Consolidating version 1 deiauti eerUiuit templates 

The procedures descried in tfes section require the '.videos pc« ersnefl script PCSync.psL complete tine proce-dure ra Save POSyncpsi to a file. 



QUESTION 4 

You have a server named Serverl that runs Windows Server 2012 R2. Serverl has the Windows 
Deployment Services server role installed. You back up Serverl each day by using Windows 
Server Backup. The disk array on Serverl fails. You replace the disk array. You need to restore 
Serverl as quickly as possible. What should you do? 

A. Start Serverl from the Windows Server 2012 R2 installation media. 

B. Start Serverl and press F8. 

C. Start Serverl and press Shift+F8. 

D. Start Serverl by using the PXE. 



Answer: A 
Explanation: 

A. Recovery of the OS uses the Windows Setup Disc 
http://technet.microsoft.com/en-us/library/cc753920.aspx 

http://www.windowsnetworking.com/articles_tutorials/Restoring-Windows-Server-BareMetal.html 
QUESTION 5 

Your network contains two servers named Serverl and Server2 that run Windows Server 2012 R2. 
Both servers have the Hyper-V server role installed. Serverl and Server2 are located in different 
offices. The offices connect to each other by using a high-latency WAN link. Server2 hosts a virtual 
machine named VM1. You need to ensure that you can start VM1 on Serverl if Server2 fails. The 
solution must minimize hardware costs. What should you do? 



A. On Serverl , install the Multipath I/O (MPIO) feature. 
Modify the storage location of the VHDs for VM1. 

B. From the Hyper-V Settings of Server2, modify the Replication Configuration settings. 
Enable replication for VM1 . 

C. On Server2, install the Multipath I/O (MPIO) feature. 
Modify the storage location of the VHDs for VM1 . 

D. From the Hyper-V Settings of Serverl , modify the Replication Configuration settings. 
Enable replication for VM1 . 

Answer: D 
Explanation: 
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You first have to enable replication on the Replica server— Serverl --by going to the server and 
modifying the "Replication Configuration" settings under Hyper-V settings. You then go to VM1-- 
which presides on Server2— and run the "Enable Replication" wizard on VM1. 



ft Server 



JH Virtual Hard Disks 

C:\vHDs 
IP Virtual Machines 

C:\VHDs>Hyper-V 
\ Physical GPUs 

Manage RemoteFX GPUs 
• L, NUMA Spanning 

Allow NUMA Spanning 

|qP Live Migrations 

1 in Live Migrations 

53 Storage Migrations 

2 Simultaneous Migrations 



Not enabled as a Replica server 



ft User 



42 Keyboard 

Use on the virtual machine 
jP Mouse Release Key 

CTRL +ALT+LEFT ARROW 
Reset Check Boxes 

Reset check boxes 



|f Replication Configuration 

I | Enable this computer as a Replica server. 

- Authentication and ports — 

Specify the authentication types to allow for incoming replication traffic. Ensure 
that the ports you specify are open in the firewall. 

□ Use Kerberos (HTTP): 

Data sent over the network will not be encrypted. 

Speafy the port: 



80 



□ Use certificate-based Authentication fHTTPS): 
Data sent over the network will be encrypted, 
Specify the port. 



443 



Speafy the certificate: 



Issued To: 
Issued By: 
Expiration Date: 
Intended Purpose: 



Select Certificate... 



Authorization and storage — 

Specify the servers that are allowed to repficate virtual machines to this 
computer. 

O Alow replication from any authenticated server 
Specify the default location to store Repfica files: 



C:\VHDs 



Browse... 



® Allow replication from the specified servers: 



Primary Server 



Storage Location 



Trust Group 
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Enable Replication for VDISRV2 LJL 




Before You Begin 



Specify Replica Server 



Specify Connection 
Parameters 

Choose RepJicafjor VHDs 

Configure Recovery History 

Choose Initial Heplcation 
Method 

Summary 



Specif,' the Replica server name to use to replicate this virtual machine, If the Replica server is on a 
failover cluster, specify the name of the Hyper -V Replica Broker as the Replica server, Use the 
Failover Cluster Manager on the Replica server to find the name of the Replica Broker. 



Replica server: 



Browse.. 



•=: Pre? 10 lie 



Next? 



rmish 



Cancel 



QUESTION 6 

Your network contains an Active Directory domain named contoso.com. 
You deploy a server named Serverl that runs Windows Server 2012 R2. 

A local administrator installs the Active Directory Rights Management Services server role on 
Serverl . 

You need to ensure that AD RMS clients can discover the AD RMS cluster automatically. 
What should you do? 



A. Run the Active Directory Rights Management Services console by using an account that is a member 
of the Schema Admins group, and then configure the proxy settings. 

B. Run the Active Directory Rights Management Services console by using an account that is a member 
of the Schema Admins group, and then register the Service Connection Point (SCP). 

C. Run the Active Directory Rights Management Services console by using an account that is a member 
of the Enterprise Admins group, and then register the Service Connection Point (SCP). 

D. Run the Active Directory Rights Management Services console by using an account that is a member 
of the Enterprise Admins group, and then configure the proxy settings. 



Answer: C 



QUESTION 7 

Your network contains an Active Directory domain named contoso.com. The domain contains three 
servers named Serverl , Server2, and Server3 that run Windows Server 2012 R2. All three servers 
have the Hyper-V server role installed and the Failover Clustering feature installed. Serverl and 
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Server2 are nodes in a failover cluster named Cluster"!. Several highly available virtual machines 
run on Cluster"!. Cluster"! has the Hyper-V Replica Broker role installed. The Hyper-V Replica 
Broker currently runs on Server"! . Server3 currently has no virtual machines. You need to configure 
Cluster"! to be a replica server for Server3 and Server3 to be a replica server for Cluster"! . Which 
two tools should you use? (Each correct answer presents part of the solution. Choose two.) 

A. The Hyper-V Manager console connected to Server3 

B. The Failover Cluster Manager console connected to Server3 

C. The Hyper-V Manager console connected to Server"! . 

D. The Failover Cluster Manager console connected to Cluster"! 

E. The Hyper-V Manager console connected to Server2 

Answer: AD 
Explanation: 

http://technet.microsoft.com/en-us/library/jj134240.aspx 

d To configure the Replica server 

1. In Hyper-V Manager, dick Hyper-V Settings in the Actions pane. 

2. In the Hyper-V Settings dialog, click Replication Configuration. 

3. In the Details pane, select Enable this computer as a Replica server. 

4. In the Authentication and ports section, select the authentication method you decided on in Step 1: Prepare to Deploy Hyper-V Replica. For either 
authentication method, specify the port to be used (the default ports are 30 for Kerberos over HTTP and 443 for certificate-based authentication over 
HTTPSI. 

5. If you are using certificate-based authentication, dickSelectCertificateand provide the request certificate information. 

6. In the Authorization and storage section, use the radio buttons to specify whether to allow any authenticated (primary) server to send replication 
data to this Replica server or to limit acceptance to data from specific primary servers. You can use wildcard characters to limit acceptance to servers 
from a particular domain without having to specify them all individually (for example, '.con toso.com). If you specify individual primary servers, you 
can designate a separate storage location for Replica data for each one, as well grouping them with the Trust Group tag. 

7 . Click OK or Apply whe nyou arefinlshed. 

d To configure a Replica server that is part of a failover cluster 
1 . Hi Server Manage', open t aHovtv Chnte Manager 

3. In the left pan*, conned m the duitH. and wmle the cluster name ej highlighted, did Ram in Uie Navigate category of In* Details pane 

3. Right .ciidt the idle and chsese ReorMafjon Setting*. 

4. In In* Detnh pane, select Enable this ctuito as a RepKa te«ver 

5. In the Authentication and porti lection, select the authentication method you decided On in Step I: Piepare to Deploy Hyper-V RepMa. for either 

aA/h<rvti<af=c-n method, specify the port to be used (the default pcrti are 50 tor Kerb«<os over HTTP and 44 j tor certificate-based luthenticatlon over 

HTTPS) 

5. It you are usmfl certificate-bated authentication, click Select Certificate and piowoe the request certificate info«i"«tion. 

7. In the AuUKHuanon and ttorag* section utf the radio buttons to specify whether to allow any autnemicated H>nsiary) server 10 send replication 
dale to this Replica server or to limit acceptance to data from specific primary server)- ickj can use wildcard charade's to llnwt acceptance to serve's 
from a particular domain without having to ipeaiy them all individually ifor example. ■.contoso-comj. H you specify mdmdual primary servers, you 
can designate a up ante storage location to« Replica data tor each one, as well gic-uptng tf>em with the Trust Group tag. 

QUESTION 8 

You have a file server named Serverl that runs Windows Server 2012 R2. The folders on Serverl 
are configured as shown in the following table. 
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Folder name NTFS encryption 


NTFS compression 


Folderl 


No 


NO 


FoIder2 


Yes 


No 


Folder3 


No 


Yes 



A new corporate policy states that backups must use Microsoft Online Backup whenever possible. 
You need to identify which technology you must use to back up Server"!. The solution must use 
Microsoft Online Backup whenever What should you identify? To answer, drag the appropriate 
backup type to the correct location or locations. Each backup type may be used once, more than 
once, or not at all. You may need to drag the split bar between panes or scroll to view content. 



Backup Type 

Microsoft Online Backup 
Windows Server Backup 



Answer Area 



Folderl 




Backup type 




Folder2 




Backup type 




Folder3 


Backup type 


System State 


Backup type 



Answer: 



Backup Type 



Microsoft Onlme Backup 



Answer Area 
Folderl Microsoft Online Backup 



Windows Server Backup 



Folder2 
Folder3 



Microsoft Online Backup 
Microsoft Online Backup 



System State Windows Server Backup 



Explanation: 

http://technet.microsoft.com/en-us/library/hh831 761 .aspx 

£f Note 

Using Windows Azure Online Backup does not require that you install Windows Server Backup. However, the two backup methods complement each other. \i 
available by using Windows Azure Online Backup. 

QUESTION 9 

You have a DNS server named Serverl that runs Windows Server 2012 R2. Serverl has a signed 
zone for contoso.com. You need to configure DNS clients to perform DNSSEC validation for the 
contoso.com DNS domain. What should you configure? 

A. The Network Connection settings 

B. A Name Resolution Policy 

C. The Network Location settings 

D. The DNS Client settings 
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Answer: B 
Explanation: 

B. In a DNSSEC deployment, validation of DNS queries by client computers is enabled through 
configuration of IPSEC & NRPT 

http://technet.microsoft.com/en-us/library/ee6491 82(v=ws. 1 0).aspx 
http://technet.microsoft.com/en-us/library/ee6491 36(v=ws. 1 0).aspx 

•/ Cti«HKn Wpioymg DNSSK wa t(*t« on tiw ohs a*m 





na 




□ 


B*yi«Vi ««[(pi! 101 \nt titmt R« »iuuon Policy Taeu ffiwri. 


-S. lntiodudion M «K MWT 


n 


D«(«i Htmt ftescfuti«n polKy Httingi 1c Of45 tlitnt <wnput<ii. 


D e aiof Uamt RtwHAKm Polity lo Cli<nt Computer 


□ 


D«pi«j |Pi« p»liqri*ntn»! to Dtn 0'«M computtfJ. 


i&OtptorPttt Polity 10 Cfccnt Csmputtn 



QUESTION 10 

Your network contains an Active Directory domain named contoso.com. The domain contains a 
domain controller named DC1 that runs Windows Server 2012 R2. On Del, you open DNS 
Manager as shown in the exhibit. (Click the Exhibit button.) 



DNS Manager 



— n 



File Action View Help 


* DNS 


Name 


A j DC1 


foci 


a Forward Loc kup Zones 




> _msdcs.contoso.com 




b £ contoso.com 




I Rc . erse Lookup Zcne- 




[ Trust Points 




t> 3 Conditional Forwarders 




> Global Legs 





You need to change the replication scope of the contoso.com zone. What should you do before 
you change the replication scope? 

A. Modify the Zone Transfers settings. 

B. Add DC1 to the Name Servers list. 

C. Add your user account to the Security settings of the zone. 

D. Unsign the zone. 

Answer: D 
Explanation: 
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D. Lock icon signifies that the Zone has been signed. Changes to the zone are blocked when signed 
http://www.microsoft.com/en-us/download/dlx/ThankYou.aspx?id=29018 

Once azone js.sjgngcifor DNSSEC, the DNS serverwill explicitly block attempts to change the 
Note: zone replication scope or zone type while the zone is signed. This is primarily to avoid 
complexities related to key storage. 



QUESTION 11 

Your network contains an Active Directory domain named contoso.com. The domain contains a 
domain controller named DC1 and a member server named Server"!. Serverl has the IP Address 
Management (IPAM) Server feature installed. On Del, you configure Windows Firewall to allow all 
of the necessary inbound ports for IPAM. On Serverl, you open Server Manager as shown in the 
exhibit. (Click the Exhibit button.) 

f_ Server Manage! 



(?) " * IPv4 ► Managed Servers 



©i r 



- a 



Manage Tools View Help 



i 
ii 

TI 
ii 



OVERVIEW 



SERVER INVENTORY 



IP ADDRESS SPACE 

IP Address Blocks 

IP Address Inventory 

IP Address Range Groups 
MONITOR AND MANAGE 

DNS and DHCP Servers 

DHCP Scopes 

DNS Zone Momtonng 

Servet Groups 
EVENT CATALOG 

E = 
IPv4 



Managed Servers 

Managed Set-veis 1 1 total 



TASKS - 



© 



Recommended Action IPAM Ace est Status Servei Name Domain Name Stiver Type IP Address 



Unblock IPAM access Blocked DO <ontoso.com DC. DNS 10.0.0 1 



Pct.il> View 

DO 



MorvDgcd Soven 



Unmsnsged Servers 

IPv6 

Mar»aged Servers 
Unmanaged Servers 



1 Details B ] 




Data Retrieval Status: 


Completed 






-> 




Manageability Status; 


Managed 










IPAM Access Status: 


Blocked 










Recommended Action: 


Unblock IPAM access 










Owner 












DHCP RPC Access Status; 


Not applicable 










DH CP Audit Share Access Status: 


Hot applicable 










DNS RPC Access Status: 


UnBlocked 










Event Log Access Status: 


Blocked 








< 






n 


l> 





You need to ensure that you can use IPAM on Serverl to manage DNS on DC1 . What should you 
do? 

A. Modify the outbound firewall rules on Serverl . 

B. Modify the inbound firewall rules on Serverl . 

C. Add Serverl to the Remote Management Users group. 

D. Add Serverl to the Event Log Readers group. 



Answer: D 
Explanation: 

Since no exhibit, the guess here is it's not using the GPO to manage the Event Log Readers group- 
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- evidenced by the fact that the firewall was configured manually instead of with the GPO. If the 
GPO was being used then the IPAM server would be in the Event Log Readers group due to 
restricted group settings in the GPO as shown below: 



IPAM_DNS 

Data colected on; 10/4/201 2 8:24:21 AM 
Computer Configuration (Enabled) 

Policies 



show all 

hide 



Windows Settings 
Security Settings 
Restricted Groups 



hide 
hide 





Group 


Members 


Mentor of 






VDIMPAMUG 




BUILTIN\Event Log Readers 




Windows Firewall with Advanced Security- hide 




Global Settings 






show 




Inbound Rules 






show 




Connection Security Settings 






show 



In the above example, the IPAM server is as member of the VDIMPAMUG group. 
http://technet.microsoft.com/en-us/library/jj878313.aspx 



DHCP, DNS. 
domain 

NPS 



Event log lh< eetnpuui aeeount of tht IPAM it tver must be a member at ttve Event Log Reader Ktur-ity group. 

lh* computer account for the IPam itrtet most lie granted tead access In the ACt that n maintained by the following 

registry key on tht OHS S* n*r. t>UCHI)NE\S¥Tt«n\CurrcmControlS^£<(vi<<}'iv<ntlog'i7HS JtrwcrCyjtomSD. This onrjf 

i equh-ed on DNS jerven. 

Tfce following fitcsvaii rules murt be enabled 

* Remote Even! log Management IHPC] 

• demote Event log Management iRPGEPMAft 



QUESTION 12 

Your network contains an Active Directory domain named contoso.com. The domain contains 
servers named Serverl and Server2 that run Windows Server 201 2 R2. Serverl has the IP Address 
Management (IPAM) Server feature installed. You install the IPAM client on Server2. You open 
Server Manager on Server2 as shown in the exhibit. (Click the Exhibit button.) 
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Server Manager 



_ □ 



(?) 94 Dashboard 



" (S) I Manage lools View Help 



lii Dashboard 



| Local Server 
|i All Servers 

tl DHCP 

File and Storage Services > 
ie IIS 



ROLES AND SERVER GROUPS 

Roles 3 | Server groups: 1 | Servers total: 1 



f| DHCP 



(?) Manageability 
Events 
Services 
Performance 
BPA results 



4/26/2012 £2-1 AM 



File and Storage 
Services 



You need to manage IPAM from Server2. What should you do first? 



A. On Serverl , add the Server2 computer account to the IPAM MSM Administrators group. 

B. On Server2, open Computer Management and connect to Serverl . 

C. On Server2, add Serverl to Server Manager. 

D. On Serverl , add the Server2 computer account to the IPAM ASM Administrators group. 

Answer: C 
Explanation: 

http://technet.microsoft.com/en-us/library/hh831453.aspx 
WELCOME TO SERVER MANAGER 



QUICK START 




Configure this local server 



2 Add roles and features 



m 

Add other servers to manag 




4 Create a server group 
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QUESTION 13 

Your network contains an Active Directory domain named contoso.com. The domain contains a 
domain controller named Del . DC1 has the DNS Server server role installed. The network has two 
sites named Sitel and Site2. Sitel uses 10.10.0.0/16 IP addresses and Site2 uses 10.11.0.0/16 IP 
addresses. All computers use DC1 as their DNS server. The domain contains four servers named 
Serverl, Server2, Server3, and Server4. All of the servers run a service named Servicel. DNS 
host records are configured as shown in the exhibit. (Click the Exhibit button.) 



- 






DNS Manager ~ 


□ 




File Action 


View Help 










'J? 


i s & IB n 


in; 



I DNS 



3 

4 



DC1 

_j Forward Lookup Zones 
{ _ _midcs.contoso.com 
I contoso com 

Reverse Lookup Zones 
_ Trust Points 
_ Conditional Forwarders 



! Global Logs 



Name 

j _mtdcs 
_ _srtes 

- _udp 

I DomainDnsZones 
■ 1 ForestDnsZones 
~~ 1 (same as p-arent folder) 

| (same as parent folder) 
n (same as parent folder) 

□ dd 

| Serverl 
[1 Served 
H ServerJ 
f~] Server4 
Q Servicel 

□ Servicel 
f_ | Service! 

[ | Service! 



Type 



Data 



Start ci Authority (50A) [101_ rjc1.contoso.co.- 
Name Server (NS) 
Host (A) 
Host (A) 
Host (A) 
Host (A) 
Host (A) 
Host [A) 
Host (A) 
Host (A) 
Host 7., 
Host (A) 



dc1.contoso.com. 

10.10.1.10 

10.10-1.10 

10.10.1.1 

10.10.2.2 

10.11 A3 

10.1 1A4 

10.10.1.1 

10.10.2.2 

10.11 A3 

10.11.4.41 



You discover that computers from the 10.10.1.0/24 network always resolve Servicel to the [P 
address of Serverl. You need to configure DNS on DC1 to distribute computers in Sitel between 
Serverl and Server2 when the computers attempt to resolve Servicel. What should run on DC1? 



A. dnscmd /config /bindsecondaries 1 

B. dnscmd /config /localnetpriority 0 

C. dnscmd /config /localnetprioritynetmask OxOOOOffff 

D. dnscmd /config /roundrobin 0 



Answer: C 
Explanation: 

A. Specifies use of fast transfer format used by legacy Berkeley Internet Name Domain (BIND) 
servers. 1 enables 

B. Disables netmask ordering. 

C. You can use the Dnscmd /Config /LocalNetPriorityNetMask OxOOOOFFFF command to use class 
B ( or 16 bit) for netmask ordering for DNS round robin 

D. Disables round robin rotation. 

http://technet.microsoft.com/en-us/library/cc737355(v=ws.10).aspx 
http://technet.microsoft.com/en-us/library/cc738473(v=ws.10).aspx 
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http://support.microsoft.com/kb/842197 

http://technet.microsoft.com/en-us/library/cc7791 69(v=ws. 10). aspx 
QUESTION 14 

Your network contains an Active Directory domain named contoso.com. The domain contains a 
main office and a branch office. An Active Directory site exists for each office. The domain contains 
two servers named Serverl and Server2 that run Windows Server 2012 R2. Both servers have the 
DHCP Server server role installed. Serverl is located in the main office site. Server2 is located in 
the branch office site. Serverl provides IPv4 addresses to the client computers in the main office 
site. Server2 provides IPv4 addresses to the client computers in the branch office site. You need 
to ensure that if either Serverl or Server2 are offline, the client computers can still obtain IPv4 
addresses. 

The solution must meet the following requirements: 

- The storage location of the DHCP databases must not be a single point 
of failure. 

- Serverl must provide IPv4 addresses to the client computers in the 
branch office site only if Server2 is offline. 

- Server2 must provide IPv4 addresses to the client computers in the main 
office site only if Serverl is offline. 

Which configuration should you use? 

A. load sharing mode failover partners 

B. a failover cluster 

C. hot standby mode failover partners 

D. a Network Load Balancing (NLB) cluster 

Answer: C 
Explanation: 

A. The load sharing mode of operation is best suited to deployments where both servers in a failover 
relationship are located at the same physical site. 

B. Hot standby mode of operation is best suited to deployments where a central office or data 
center server acts as a standby backup server to a server at a remote site, which is local to the 
DHCP clients 

C. Needs to be a DHCP Failover option 

D. Needs to be a DHCP Failover option 
http://technet.microsoft.com/en-us/library/hh831385.aspx 

http://blogs.technet.eom/b/teamdhcp/archive/2012/09/03/dhcp-failover-hot-standbymode.aspx 

Operation in Hot Standby mode 

Unlike the Load Balance mode, where the 2 DHCP servers compute a hash of the MAC address of the clients 
and decide whether to respond to the client or not, in hot standby mode, the servers do net compute hash of 
the MAC address of clients. The active server responds to all client requests and the standby server does not 
respond to any client requests at all while operating in NORMAL state. When active server goes down, the 
standby server transitions into Communication Interrupted state and starts responding to the clients. Once the 
active server is up, the standby server retreats into standby mode and stops responding to clients. This 
facilitates fallback of the clients back to the active server. 

QUESTION 15 

You have a DHCP server named Serverl. Serverl has an IP address 192.168.1.2 is located on a 
subnet that has a network ID of 192.168.1.0/24. On Serverl, you create the scopes shown in the 
following table. 



New Version Updated After 2014/7/1 - 100% Valid Ensure 



Get Latest & Actual 70-412 Exam's Question and Answers from PassLeader. 



Click Here — http://www.passleader.com/70-412.html 



HIP ass Leader 

Leader of IT Certifications 

Configuring Advanced Windows Server 2012 R2 Services (70-412) 

New Version Updated After 2014/7/1 - Ensure 100% Valid 



Scope name 


Network ID 


Scopel 


192,168.1,0/24 


5cope2 


192.168.2.0/24 



You need to ensure that Serverl can assign IP addresses from both scopes to the DHCP clients 
on the local subnet. What should you create on Serverl? 

A. A scope 

B. A superscope 

C. A split-scope 

D. A multicast scope 

Answer: B 
Explanation: 

A. A scope is an administrative grouping of IP addresses for computers on a subnet that use the 
Dynamic Host Configuration Protocol (DHCP) service. The administrator first creates a scope for 
each physical subnet and then uses the scope to define the parameters used by clients. 

B. A superscope is an administrative feature of Dynamic Host Configuration Protocol (DHCP) 
servers running Windows Server 2008 that you can create and manage by using the DHCP 
Microsoft Management Console (MMC) snap-in. By using a superscope, you can group multiple 
scopes as a single administrative entity. 

D. Multicasting is the sending of network traffic to a group of endpointsdestination hosts. Only those 
members in the group of endpoints hosts that are listening for the multicast traffic (the multicast 
group) process the multicast traffic http://technet.microsoft.com/en-us/library/dd759168.aspx 
http://technet.microsoft.com/en-us/library/dd759152.aspx 

Configuring a DHCP Superscope 

13 out of IS rated Ihic lulpful Pale this topic 
applies To Windows ierver »M P2 

t sjpencepei; an ammwintit feature OS Dynamic Hon Configuration Protocol i.DHCP) terrors running WinrMwi Servej 2005 thai you can create and manage 
C>r g the DHCPMlutosoft Management Console fl.tf.Kl snap-in, Br using * superscope, you can group multiple: scopes as * tingle admlnlstrauve entity. WKh 
this feature, a DHCP never can: 

• Sup-port DHCP dunti tn a unoJi physical network f egment |s«*»i *i a tingM tttwnet UN segment! where multiple lettical P network* an tattd. Wheel 
more than one logical IP rbetrvoik is used on each physical subnet or nehvOik, such configurations are of len called TOtr*.ie£s, 

• Support icforfe DHCP clients located on the tai side of OMCP and BOOTP relay agents Iwhere the network on Use far side at the relay agent uses 

murtirteu). 

In muttinet conftguration-c, you can me DHCP tupertcopes to group and actr/atc irdntdual scope ranges of IP addresses used on your network- In thtl way. the 
DnCP server can activate and provide lease-s from more than one scope lo clients on a single physical network. 



QUESTION 16 

Your network contains servers that run Windows Server 2012 R2. The network contains a large 
number of iSCSI storage locations and iSCSI clients. You need to deploy a central repository that 
can discover and list iSCSI resources on the network automatically. Which feature should you 
deploy? 

A. the Windows Standards-Based Storage Management feature 

B. the iSCSI Target Server role service 

C. the iSCSI Target Storage Provider feature 

D. the iSNS Server service feature 

Get Latest & Actual 70-412 Exam's Question and Answers from PassLeader. 

New Version Updated After 2014/7/1 - 100% Valid Ensure 



Click Here -- http://www.passleader.com/70-412.html 



\\MsP ass Leader 

Leader of IT Certifications 

Configuring Advanced Windows Server 2012 R2 Services (70-412) 

New Version Updated After 2014/7/1 - Ensure 100% Valid 

Answer: D 
Explanation: 

A. Windows Server 2012 R2 enables storage management that is comprehensive and fully 
scriptable, and administrators can manage it remotely. A W Ml -based interface provides a single 
mechanism through which to manage all storage, including non-Microsoft intelligent storage 
subsystems and virtualized local storage (known as Storage Spaces). Additionally, management 
applications can use a single Windows API to manage different storage types by using standards- 
based protocols such as Storage Management Initiative Specification (SMI-S). 

B. Targets are created in order to manage the connections between an iSCSI device and the 
servers that need to access it. A target defines the portals (IP addresses) that can be used to 
connect to the iSCSI device, as well as the security settings (if any) that the iSCSI device requires 
in order to authenticate the servers that are requesting access to its resources. C. iSCSI Target 
Storage Provider enables applications on a server that is connected to an iSCSI target to perform 
volume shadow copies of data on iSCSI virtual disks. It also enables you to manage iSCSI virtual 
disks by using older applications that require a Virtual Disk Service (VDS) hardware provider, such 
as the Diskraid command. 

D. The Internet Storage Name Service (iSNS) protocol is used for interaction between iSNS servers 
and iSNS clients. iSNS clients are computers, also known as initiators, that are attempting to 
discover storage devices, also known as targets, on an Ethernet network. 
http://technet.microsoft.com/en-us/library/cc726015.aspx 
http://technet.microsoft.com/en-us/library/cc772568.aspx 

iSNS Server Overview 

3 out of o lated this helpful - Rite thh topic 
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The Internet Stor age frame Service (iSNSi protocol >e uied (ot interaction between I5N5 ten-en ami iSNS dienU. iSNS clienti ate computet}, also known as 
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Features of iSNS Server 

• iSNS Server a a repository of currentry active ISCSI nodes, at well at their associated poflats. errttlr«. etc. 

• Nodes can be initiators, targets, or management nodes . 

• Typically, initiator] and targets register with Use ISNS server, and the rMiatois query the ISMS server lot the list or available target). 

• A dynaenle database of the iSCSI devices and related information that are current l> available on the network. The database helpt provide iSCSItaiget 
diico.f r, tgncw:n»irt» lor tne rSCSl mni*TB4i on the network, me database is kept dynamic oyuiino the Registration Penod arsa Entity status sngufy 

features of iSf IS. Registration Period allows the server 1o automatically deregisttr stale entries. Entity Status Inquiry provides tht server a functionality 
staniltnto ping to determine MMtrMt registered clients are aW present on the network, and a»ows the sener to avtonvaticailrdt-regiitc' those clients 
which are no longer present. 

e State Change ffofitication Service: This alioivs registered clients 10 at maae aware of changes tome database m me iSNS serve/. It allows the clients; to 
•riaantaih a dynamic picture 01 live ISCSI dewces available on the network. 

• Dvscovety Domain Setvtte. This allowi art sdmmistiatsr 10 aisign iSCSI nodes and portals into one or more groups tailed *sc9veft doittsini. Discovery 
domami prorate a joning furwtionaMv by which an iSCSI initiaiov can only discover those iSCSI taigels who ha>< at least one tfrscovety domain in 
common wm 11. 

QUESTION 17 

Your network contains an Active Directory domain named contoso.com. The domain contains a file 
server named Serverl. All servers run Windows Server 2012 R2. All domain user accounts have 
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the Division attribute automatically populated as part of the user provisioning process. The Support 
for Dynamic Access Control and Kerberos armoring policy is enabled for the domain. You need to 
control access to the file shares on Serverl based on the values in the Division attribute and the 
Division resource property. Which three actions should you perform in sequence? 

Actions Answer Area 



From Active Directory Administrative Center, create a 
reference resource property. 



From Active Directory Administrative Center, create a 
resource property list. 



On the shared folders, set the classification value. 



From Active Directory Administrative Center, create a 
claim type. 



From Active Directory Users and Computers, configure 
the Delegation settings of Serverl. 



Answer: 

Actions 



Answer Area 



From Active Directory Administrative Center, create a 
resource property k$i. 



From Active Directory users and Computers, configure 
the Delegation settings of Serverl . 



From Active Directory Adovrvstrative Center, create a 
claim type. 



From Act-ve tvecto'y r A A .« C -i-.ro- '.icuto J 
reference resource property. 



On the shared folders, set the c>at*if>cat>on value. 



Explanation: 

First create a claim type for the property, then create a reference resource property that points back 
to the claim. Finally set the classification value on the folder 



QUESTION 18 

Your network contains two Active Directory forests named contoso.com and fabrikam.com. The 
contoso.com forest contains two domains named corp.contoso.com and contoso.com. You 
establish a two-way forest trust between contoso.com and fabrikam.com. Users from the 
corp.contoso.com domain report that they cannot log on to client computers in the fabrikam.com 
domain by using their corp.contoso.com user account. When they try to log on, they receive 
following error message: 

"The computer you are signing into is protected by an authentication firewall. The specified account 
is not allowed to authenticate to the computer." Corp.contoso.com users can log on successfully to 
client computers in the contoso.com domain by using their corp.contoso.com user account 
credentials. You need to allow users from the corp.contoso.com domain to log on to the client 
computers in the fabrikam.com forest. What should you do? 
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A. Configure Windows Firewall with Advanced Security. 

B. Enable SID history. 

C. Configure forest-wide authentication. 

D. Instruct the users to log on by using a user principal name (UPN). 

Answer: C 
Explanation: 

C. The forest-wide authentication setting permits unrestricted access by any users in the trusted 
forest to all available shared resources in any of the domains in the trusting forest. 
http://technet.microsoft.com/en-us/library/cc785875(v=ws.10).aspx 

Enable forest-wide authentication over a forest trust 
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QUESTION 19 

Your network contains two servers named Serverl and Server2 that run Windows Server 2012 R2. 
Both servers have the Hyper-V server role installed. The servers have the hardware configurations 
shown in the following table. 



Server name 


Configuration 


Serverl 


•AMD processors 
■ 16 processor cores 
• 32 GB of RAM 
•4 TB of storage 


Server2 


• Intel: processor 

• 16 processor cores 

• 64 GB of RAM 
•8 TB of storage 



Serverl hosts five virtual machines that run Windows Server 201 2 R2. You need to move the virtual 
machines from Serverl to Server2. The solution must minimize downtime. What should you do for 
each virtual machine? 



A. Export the virtual machines from Serverl and import the virtual machines to Server2. 

B. Perform a live migration. 

C. Perform a quick migration. 

D. Perform a storage migration. 

Answer: A 
Explanation: 
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None of these migration options will work between different Processors ( AMD/Intel). The only 
option remaining is to export and re-import the VMs 

QUESTION 20 

Your network contains an Active Directory domain named contoso.com. The domain contains two 
servers named Serverl and Server2. Both servers have the Hyper-V server role installed. You plan 
to replicate virtual machines between Serverl and Server2. The replication will be encrypted by 
using Secure Sockets Layer (SSL). You need to request a certificate on Serverl to ensure that the 
virtual machine replication is encrypted. Which two intended purposes should the certificate for 
Serverl contain? (Each correct answer presents part of the solution. Choose two.) 



A. Client Authentication 

B. Kernel Mode Code Signing 

C. Server Authentication 

D. IP Security end system 

E. KDC Authentication 



Answer: AC 
Explanation: 

http://blogs.technet.eom/b/virtualization/archive/201 2/03/1 3/hyper-v-replica-certificate- 
requirements.aspx 

Replica Server Certificate Requirements 

To enable a server to receive replication traffic, the certificate in the replica server must meet the following conditions 

• Enhanced Key Usage must support both Client and Server authentication 

• Set the Subject field or the Subject Alternative Name using one of the following methods: 

» For a SAN certificate., set the Subject Alternative Name's DNS Name to the replica server name (e.g.: 
repUcal.contoso.com), If the replica server is part of cluster, the Subject Alternative Name of the 
certificate must contain the replica server name *and* FQDN of the HVR Broker (install this certificate on all 
the nodes of the cluster.) 



Get Latest & Actual 70-412 Exam's Question and Answers from PassLeader. 

New Version Updated After 2014/7/1 - 100% Valid Ensure 



Click Here -- http://www.passleader.com/70-412.html 



